面向文化资源可信共享的多因子身份认证方案

doi:10.11959/j.issn.1000-436x.2023185

摘要/Abstract

摘要：

为解决传统单因子认证造成的数据泄露和身份冒充等问题，针对文化资源可信共享提出基于区块链的多因子身份认证方案。考虑多种身份因素，利用区块链分布式账本的不可篡改性和分布性构造异构数字身份模型。通过非对称加密算法和异或运算，实现异构数字身份的可信复用和多元主体的快速认证。安全分析和仿真结果表明，所提方案在安全性和效率方面优于已有的多因子认证方案，能有效降低身份认证成本。

关键词: 文化资源可信共享, 多因子身份认证, 数字身份, 区块链

Abstract:

To solve the problems of data leakage and identity impersonation caused by traditional single factor authentication, a multi-factor identity authentication scheme based on blockchain was proposed for the trusted sharing of cultural resources.Considering a variety of identity factors, a heterogeneous digital identity model was constructed using the tamper resistance and distribution of the blockchain distributed ledger.Through asymmetric encryption algorithm and exclusive OR (XOR) operation, the trusted reuse of heterogeneous digital identity and fast authentication of multi-agent access were realized.Security analysis and simulation results show that the proposed scheme outperforms existing multi-factor authentication schemes in terms of security and efficiency, and can effectively reduce the cost of identity authentication.

Key words: trusted sharing of cultural resources, multi-factor identity authentication, digital identity, blockchain

中图分类号:

TN918

王苗苗, 芮兰兰, 徐思雅. 面向文化资源可信共享的多因子身份认证方案[J]. 通信学报, 2023, 44(10): 34-45.

Miaomiao WANG, Lanlan RUI, Siya XU. Multi-factor identity authentication scheme for trusted sharing of cultural resources[J]. Journal on Communications, 2023, 44(10): 34-45.

图/表 17

图1

图2

图3

图4

表1

图5

表2

BAN逻辑符号"

序号	符号	含义
N1	$P \| \equiv X$	P相信X
N2	$P \| ~ X$	P曾经说过X或者P发送过X
N3	$P ⊲ X$	P 看到或接收X
N4	$P \| \Rightarrow X$	P对X有管辖权
N5	$# (X)$	X是新的
N6	$\overset{K}{\to} P$	K是P的公钥
N7	${X}_{K}$	使用K对X加密
N8	$(X, Y)$	X或Y是消息的一部分
N9	${(X)}_{H}$	使用H对X进行哈希处理
N10	$< X >_{Y}$	X与公式Y结合

表2

表3

BAN逻辑规则"

序号	名称	符号	含义
R1	消息含义规则	$\frac{P \| \equiv \overset{K}{\to} Q, P ⊲ {X}_{K}^{- 1}}{P \| \equiv Q \| ~ X}$	如果P相信K是Q的公钥，并且拥有在K^-1下加密的消息X，那么P相信Q曾经说过X
		$\frac{P \| \equiv Q \overset{Y}{⇌} P, P ⊲ < X >_{Y}}{P \| \equiv Q \| ~ X}$	如果P相信秘密Y与Q共享，并且看到<X>_Y，那么P相信Q曾经说过X
R2	随机数验证规则	$\frac{P \| \equiv # (X), P \| \equiv Q \| ~ X}{P \| \equiv Q \| \equiv X}$	如果P相信X是最近说的，而Q曾经说过X，那么P相信Q相信X
R3	管辖权规则	$\frac{P \| \equiv Q \| \Rightarrow X, P \| \equiv Q \| \equiv X}{P \| \equiv X}$	如果P相信Q对X有管辖权，并且P相信Q相信X，那么P相信X
R4	信念规则	$\frac{P \| \equiv X, P \| \equiv Y}{P \| \equiv (X, Y)}$	如果P单独相信X和Y，则P相信集合公式(X,Y)
		$\frac{P \| \equiv (X, Y)}{P \| \equiv X}$	如果P相信集合公式(X,Y)，则P单独相信X

表3

表4

图6

图7

图8

图9

表5

图10

图11

表6

参考文献 25

[1]	中国公共关系协会. 文化资源数据分类与代码:T/CPRA 301—2021[S]. 2021.
	China Public Relations Association. Classification ＆ codes of cultural resource data:T/CPRA 301—2021[S]. 2021.
[2]	CHEN L Q , LIM H W , YANG G M . Cross-domain password-based authenticated key exchange revisited[J]. ACM Transactions on Information and System Security, 2014,16(4): 1-32.
[3]	ALSALEEM B O , ALSHOSHAN A I . Multi-factor authentication to systems login[C]// Proceedings of 2021 National Computing Colleges Conference (NCCC). Piscataway:IEEE Press, 2021: 1-4.
[4]	ELIZABETH , KENNEDY , CHRISTOPHER ,et al. Data security and multi-factor authentication:analysis of requirements under EU law and in selected EU member states[J]. Computer Law ＆ Security Review, 2016,32(1): 91-110.
[5]	唐飞, 包佳立, 黄永洪 ,等. 基于属性的多授权中心身份认证方案[J]. 通信学报, 2021,42(3): 220-228.
	TANG F , BAO J L , HUANG Y H ,et al. Multi-authority attribute-based identification scheme[J]. Journal on Communications, 2021,42(3): 220-228.
[6]	ALFADHLI S A , LU S F , CHEN K ,et al. MFSPV:a multi-factor secured and lightweight privacy-preserving authentication scheme for VANETs[J]. IEEE Access, 2020,8: 142858-142874.
[7]	LIU Y , ZHONG Q , CHANG L ,et al. A secure data backup scheme using multi-factor authentication[J]. IET Information Security, 2016,11(5): 250-255.
[8]	王松伟, 陈建华 . 基于混沌映射的多因子认证密钥协商协议[J]. 计算机应用, 2018,38(10): 2940-2944,2954.
	WANG S W , CHEN J H . Multi-factor authentication key agreement scheme based on chaotic mapping[J]. Journal of Computer Applications, 2018,38(10): 2940-2944,2954.
[9]	WANG M M , RUI L L , YANG Y ,et al. A blockchain-based multi-CA cross-domain authentication scheme in decentralized autonomous network[J]. IEEE Transactions on Network and Service Management, 2022,19(3): 2664-2676.
[10]	NAKAMOTO S . Bitcoin:a peer-to-peer electronic cash system[R]. 2008.
[11]	ZHANG R , XUE R , LIU L . Security and privacy on blockchain[J]. ACM Computing Surveys, 2019,52(3): 1-34.
[12]	MONRAT A A , SCHELéN O , ANDERSSON K . A survey of blockchain from the perspectives of applications,challenges,and opportunities[J]. IEEE Access, 2019,7: 117134-117151.
[13]	DODIS Y , REYZIN L , SMITH A . Fuzzy extractors:how to generate strong keys from biometrics and other noisy data[C]// Proceedings of International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2004: 523-540.
[14]	翁启 . 一种基于区块链的数字身份认证方案[D]. 西安:西安电子科技大学, 2019.
	WENG Q . A blockchain-based digital identity authentication scheme[D]. Xi’an:Xidian University, 2019.
[15]	DOLEV D , YAO A . On the security of public key protocols[J]. IEEE Transactions on Information Theory, 1983,29(2): 198-208.
[16]	CANETTI R , FULLER B , PANETH O ,et al. Reusable fuzzy extractors for low-entropy distributions[J]. Journal of Cryptology, 2021,34: 1-33.
[17]	BURROWS M , ABADI M , NEEDHAM R . A logic of authentication[J]. ACM Transactions on Computer Systems, 1989,8(1): 18-36.
[18]	LABIOD Y , KORBA A A , GHOUALMI-ZINE N . Detecting DDoS attacks in IoT environment[J]. International Journal of Information Security and Privacy, 2021,15(2): 145-180.
[19]	YU B , LI X F , ZHAO H . Virtual block group:a scalable blockchain model with partial node storage and distributed hash table[J]. The Computer Journal, 2020,63(10): 1524-1536.
[20]	赵国威 . 安全协议形式化自动验证工具 AVISPA 的研究[D]. 长春:吉林大学, 2014.
	ZHAO G W . Research on AVISPA,a formal automatic verification tool for security protocols[D]. Changchun:Jilin University, 2014.
[21]	MAHMOOD K , AKRAM W , SHAFIQ A ,et al. An enhanced and provably secure multi-factor authentication scheme for Internet-of-multimedia-things environments[J]. Computers ＆ Electrical Engineering, 2020,88:106888.
[22]	AYFAA B , APA C . LMAAS-IoT:lightweight multi-factor authentication and authorization scheme for real-time data access in IoT cloud-based environment[J]. Journal of Network and Computer Applications, 2021,192:103177.
[23]	KHALID H , HASHIM S J , AHMAD S M S ,et al. SELAMAT:a new secure and lightweight multi-factor authentication scheme for cross-platform industrial IoT systems[J]. Sensors, 2021,21(4): 1428.
[24]	MIAO J , WANG Z , NING X ,et al. Practical and secure multifactor authentication protocol for autonomous vehicles in 5G[J]. Software:Practice and Experience, 2022:doi.org/10.1002/spe.3087.
[25]	张敏, 许春香, 张建华 . 无人机网络中基于多因子的认证密钥协商协议研究[J]. 信息网络安全, 2022(9): 21-30.
	ZHANG M , XU C X , ZHANG J H . Research on authentication key agreement protocol based on multi-factor in Internet of drones[J]. Netinfo Security, 2022(9): 21-30.

符号	含义
PK_U	U的公钥
SK_U	U的私钥
H₀	哈希函数
σ	使用公钥或私钥对某个信息加密后的值
sign(sth,K)	使用密钥K加密sth
verify(σ,K)	使用密钥K验证加密σ
⊕	异或运算
‖	连接操作
N	随机整数
S	随机混淆值
f	身份因子
TS	时间戳
∆T	消息的有效期
P	生物特征对应的帮助字符串

模块	计算开销
模块	用户端	RA服务器端
身份注册	(4+p)T _A	(4+p)T _A+T_h+qT_B
身份认证	3T _A+T_h	3T_A+(1+p)T_h+qT_B
身份因子更新	3T _A	3T _A+T_h+T_B
身份因子撤销	3T _A	3T _A+T_h+T_B

认证方案	计算时延/ms	通信开销/bit
IoMT方案	10T _h+6T_ecc+T_B	2 848
LMAAS-IoT方案	30T _h+T_B	1 696
SELAMAT方案	T_bp+7T_h+12T_S	1 336
AV5G方案	28T _h+12T_ecc+2T_puf+T_B	2 112
IoD方案	3T_ecc+25T_h+T_B	2 374
所提方案	6T _A+4.5T_h+T_B	512

安全性	IoMT方案	LMAAS-IoT方案	SELAMAT方案	AV5G方案	IoD方案	所提方案
身份保密性	√	√	√	√	√	√
抵御重放攻击	×	√	√	√	√	√
抵御窃听攻击	√	√	√	√	√	√
抵御伪造攻击	√	√	√	√	√	√
抵御DDoS攻击	×	×	×	×	×	√
身份可更新性	√	√	×	√	√	√
身份可撤销性	√	√	×	×	×	√
灵活性	×	×	×	×	×	√
多因子认证	√	√	√	√	√	√